Cybersecurity and COVID-19: Responding to Increased Risks

The coronavirus crisis has changed the way companies of all sizes serve, protect, and connect with their consumers and employees. In addition to keeping people safe, the C-suite is managing two other top priorities:

Safeguarding their organizations against new threats

Maintaining business as usual during this unusual time.

Stretched Security Limits and Increased Exposure

With millions of employees and students logging on to work and learn, the digital doors to potential cyberattacks have swung wide open. With more people using company-issued devices, videoconferencing, and other collaboration tools, technology executives and IT departments have pivoted from their normal activities to set up and oversee remote workforces, virtually overnight.

Then there are the
vulnerabilities of established cybersecurity challenges, such as employees
opting not to use VPN software, downloading consumer-facing networks, and
engaging in other behaviors to maximize their data and system experiences that
could pose security risks.

Once people sign off from
their work from home responsibilities, they are again turning to the internet
to shop, socialize, and stream entertainment, presenting additional and
increased security concerns, such as phishing and malware.

Systems Under Attack

In recent weeks, the
videoconferencing platform, Zoom, experienced “Zoom Booming,” a new type of
trolling that takes place when uninvited callers disrupt video meetings. The
practice creates a space where bad actors enter public calls to collect
information for intelligence gathering.

Also, just last month,
General Electric filed a data breach notice in California after one of its
partners, Canon Business Process Services, which handles human resources
related documents, was compromised. The breach exposed marriage, death and
divorce certificates, as well as beneficiary information and passports.

Healthcare and Health-Related
Scams are Rising

In early March, reports
revealed that elite hackers attempted to break into the World Health
Organization, as attack attempts on the agency along with its partners, spiked
amid its fight to get the virus under control. Hackers even activated a
malicious site that mimicked the WHO’s internal email system in an attempt to
steal the passwords of multiple agency staff members. On a similar front, the U.S. Department of
Health and Human Services also found itself on the defense from an attack.

During these unprecedented
and uncertain times, scammers are leveraging the COVID-19 pandemic to advance
their schemes with everything from sending fake CDC emails and targeting
vaccine facilities with ransomware to selling counterfeit treatments and
equipment.

Perhaps the most startling
statistic in this space so far: About 2,000 coronavirus-themed websites are
popping up daily, and most are malicious, according to Alexander Urbelis, a
cybersecurity expert and attorney with the Blackstone Law Group which tracks
suspicious internet domain registration activity.

Sought after on the dark web,
medical data and all of the PPI (personally identifiable information) it
contains, such as Social Security numbers and financial data, is a hot
commodity.

Servicing Users, Securing
Systems and Savvy Hackers

In this evolving and challenging
environment, the bandwidth of corporate IT departments and other entities alike
is being tested and divided between handling increased activities such as managing
critical security patches, policing the downloading of unauthorized apps onto
company devices, and a host of other security requirements and
concerns—potentially taking their attention away from monitoring malicious
activity.

Preparation During the
Pandemic

The increased COVID-19 IT security threat is real and will linger long after normal business operations resume.

To protect their networks,
companies, and customers, cybersecurity teams should prepare and stand ready to
respond in the event of a security breach. In these dynamic times, Experian’s
Global Data Breach team remains fully operational and committed now more than
ever, to protect our partners against cyberthreats and attacks.

Latest Tweets

Terms of Blog Site Use

Legal Notice: The information you obtain herein is not, nor intended to be, legal, financial or professional advice. We try to provide quality information but make no claims, promises or guarantees about the accuracy, completeness or adequacy of the information contained. As legal advice must be tailored to the specific circumstances of each case and laws are constantly changing, nothing provided herein should be used as a substitute for the advice of competent legal counsel.

Experian and the Experian marks used herein are trademarks or registered trademarks of Experian Information Solutions, Inc. Other product and company names mentioned herein are the property of their respective owners.